Iranian hackers act as brokers selling critical infrastructure access

October 16, 2024 at 07:22PM Iranian hackers are infiltrating critical infrastructure sectors, including healthcare and government, using brute-force methods to acquire credentials for resale on criminal forums. A joint advisory from U.S., Canadian, and Australian cybersecurity agencies details these tactics, emphasizing the need for organizations to enhance security measures and monitor for unusual login activities. …

Iranian Cyber Actors’ Brute Force and Credential Access Activity Compromises Critical Infrastructure Organizations

October 16, 2024 at 10:34AM The FBI, CISA, NSA, and other agencies warn of Iranian cyber actors exploiting brute force techniques to breach critical infrastructure sectors. These actors aim to obtain credentials for malicious activities. The advisory outlines their tactics and offers mitigation strategies, emphasizing strong passwords and multifactor authentication for enhanced cybersecurity.

How Hybrid Password Attacks Work and How to Defend Against Them

October 11, 2024 at 07:39AM Threat actors use hybrid password attacks, combining techniques like brute force and dictionary methods to enhance their effectiveness in stealing credentials. To defend against these attacks, organizations should implement multi-factor authentication, require longer passwords, prevent weak patterns, and audit for compromised passwords through tools like Specops Password Policy.

Threat Actors Target Accounting Software Used by Construction Contractors

September 18, 2024 at 11:14AM Huntress warns of cyberattacks targeting Foundation Accounting Software, widely used in construction. Threat actors are brute forcing the application and exploiting default credentials, compromising organizations in various sub-industries. The attackers target MSSQL accounts, execute OS commands, and automate attacks. Only 33 publicly exposed hosts running the software with unchanged default …

Cisco Warns of Global Surge in Brute-Force Attacks Targeting VPN and SSH Services

April 17, 2024 at 04:42AM Cisco warns of a surge in brute-force attacks targeting VPN services, web application interfaces, and SSH services, originating from TOR exit nodes and other proxy services. Various devices are being targeted across different sectors and geographies using both generic and valid usernames. Additionally, threat actors are exploiting a security flaw …

Top MITRE ATT&CK Techniques and How to Defend Against Them

April 10, 2024 at 01:04AM MITRE ATT&CK techniques dominate cybersecurity incidents, particularly command and scripting interpreters (T1059) and phishing (T1566). A report by D3 Security reveals these techniques surpass others significantly. The widespread usage of malicious scripts underlines the need for comprehensive incident response plans. Additionally, robust education and multifactor authentication help defend against phishing …

Ukraine Arrests Trio for Hijacking Over 100 Million Email and Instagram Accounts

March 20, 2024 at 03:54AM Ukraine’s Cyber Police arrested three individuals for hijacking 100M email and Instagram accounts; they face up to 15 years in prison if convicted. The group carried out brute-force attacks to take over accounts and sold the credentials on the dark web. In the U.S., Robert Purbeck pleaded guilty to breaching entities …

Ukraine arrests hackers trying to sell 100 million stolen accounts

March 19, 2024 at 02:22PM The Ukrainian cyber police, in collaboration with national police, have arrested three individuals accused of hijacking over 100 million email and Instagram accounts worldwide, using specialized software to brute-force account passwords. The cybercriminals sold access to compromised accounts and are charged with unauthorized interference in information systems, with a potential …

Credentials are Still King: Leaked Credentials, Data Breaches and Dark Web Markets

January 18, 2024 at 11:03AM Infostealer malware poses a significant risk to corporate information security by stealing credentials, cookies, and other data, leading to data breaches and ransomware distribution. Leaked credentials from breaches and infostealers are a substantial threat, prompting organizations to monitor and defend against them. Flare offers a solution to detect and mitigate …

MySQL servers targeted by ‘Ddostf’ DDoS-as-a-Service botnet

November 16, 2023 at 03:16PM Researchers at AhnLab Security Emergency Response Center (ASEC) have discovered a new campaign targeting MySQL servers with the ‘Ddostf’ malware botnet. The attackers exploit vulnerabilities or weak credentials to gain access to the servers and use user-defined functions (UDFs) to execute commands. The primary payload is the Ddostf bot client, …